mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 13:53:39 +00:00
Merge remote-tracking branch 'refs/remotes/origin/master' into jdreboot
This commit is contained in:
jdeckerMS
@ -52,7 +52,7 @@ You can manually enroll with an MDM using the **Settings** app on your Surface H
|
|||||||
|
|
||||||
## Manage Surface Hub settings with MDM
|
## Manage Surface Hub settings with MDM
|
||||||
|
|
||||||
You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
|
You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings)<!---, and some [Windows 10 settings](#supported-windows-10-settings)-->. Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
|
||||||
|
|
||||||
### Supported Surface Hub CSP settings
|
### Supported Surface Hub CSP settings
|
||||||
|
|
||||||
@ -61,7 +61,7 @@ You can configure the Surface Hub settings in the following table using MDM. The
|
|||||||
For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx).
|
For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx).
|
||||||
|
|
||||||
| Setting | Node in the SurfaceHub CSP | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
|
| Setting | Node in the SurfaceHub CSP | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
|
||||||
| -------------------- | -----------------------|-------------------------- | ---------------------------------------- | ------------------------- |
|
| -------------------- | ---------------------------------- | ------------------------- | ---------------------------------------- | ------------------------- |
|
||||||
| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
|
| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
|
||||||
| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
|
| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
|
||||||
| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
|
| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
|
||||||
@ -71,7 +71,9 @@ For more information, see [SurfaceHub configuration service provider](https://ms
|
|||||||
| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> Use a custom setting. | Yes |
|
| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> Use a custom setting. | Yes |
|
||||||
| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> Use a custom setting. | Yes |
|
| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> Use a custom setting. | Yes |
|
||||||
| Friendly name for wireless projection | Properties/FriendlyName | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
|
| Friendly name for wireless projection | Properties/FriendlyName | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
|
||||||
| Device account, including password rotation | DeviceAccount/\<name of policy\> <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
|
| Device account, including password rotation | DeviceAccount/*`<name_of_policy>`* <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Example: Manage Surface Hub settings with Micosoft Intune
|
## Example: Manage Surface Hub settings with Micosoft Intune
|
||||||
|
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
---
|
> ---
|
||||||
title: Chromebook migration guide (Windows 10)
|
title: Chromebook migration guide (Windows 10)
|
||||||
description: In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
|
description: In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
|
||||||
ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
|
ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
|
||||||
@ -35,8 +35,8 @@ App migration or replacement is an essential part of your Chromebook migration.
|
|||||||
|
|
||||||
Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You will create a list of apps that are currently in use (also called an app portfolio).
|
Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You will create a list of apps that are currently in use (also called an app portfolio).
|
||||||
|
|
||||||
**Note**
|
> [!NOTE]
|
||||||
The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section.
|
> The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -47,10 +47,8 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g
|
|||||||
|
|
||||||
2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**.
|
2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**.
|
||||||
|
|
||||||
**Note**
|
>[!NOTE]
|
||||||
The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard.
|
>The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**.
|
3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**.
|
||||||
|
|
||||||
@ -58,16 +56,14 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g
|
|||||||
|
|
||||||
5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
|
5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Figure 15. Add the DaRT component to the Configuration Manager boot image.
|
Figure 15. Add the DaRT component to the Configuration Manager boot image.
|
||||||
|
|
||||||
6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ ContosoBackground.bmp**. Then click **Next** twice.
|
6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ ContosoBackground.bmp**. Then click **Next** twice.
|
||||||
|
|
||||||
**Note**
|
>[!NOTE]
|
||||||
It will take a few minutes to generate the boot image.
|
>It will take a few minutes to generate the boot image.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**.
|
7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**.
|
||||||
|
|
||||||
@ -75,9 +71,9 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g
|
|||||||
|
|
||||||
9. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads STATMSG: ID=2301. You also can view Content Status in the Configuration Manager Console by selecting **the Zero Touch WinPE x86** boot image.
|
9. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads STATMSG: ID=2301. You also can view Content Status in the Configuration Manager Console by selecting **the Zero Touch WinPE x86** boot image.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Figure 16. Content status for the Zero Touch WinPE x64 boot image.
|
Figure 16. Content status for the Zero Touch WinPE x64 boot image
|
||||||
|
|
||||||
10. Using the Configuration Manager Console, right-click the **Zero Touch WinPE x64** boot image and select **Properties**.
|
10. Using the Configuration Manager Console, right-click the **Zero Touch WinPE x64** boot image and select **Properties**.
|
||||||
|
|
||||||
|
|||||||
@ -49,25 +49,25 @@ To configure permissions for the various service accounts needed for operating s
|
|||||||
|
|
||||||
2. Select the Service Accounts OU and create the CM\_JD account using the following settings:
|
2. Select the Service Accounts OU and create the CM\_JD account using the following settings:
|
||||||
|
|
||||||
1. Name: CM\_JD
|
* Name: CM\_JD
|
||||||
|
|
||||||
2. User logon name: CM\_JD
|
* User logon name: CM\_JD
|
||||||
|
|
||||||
3. Password: P@ssw0rd
|
* Password: P@ssw0rd
|
||||||
|
|
||||||
4. User must change password at next logon: Clear
|
* User must change password at next logon: Clear
|
||||||
|
|
||||||
5. User cannot change password: Select
|
* User cannot change password: Select
|
||||||
|
|
||||||
6. Password never expires: Select
|
* Password never expires: Select
|
||||||
|
|
||||||
3. Repeat the step, but for the CM\_NAA account.
|
3. Repeat the step, but for the CM\_NAA account.
|
||||||
|
|
||||||
4. After creating the accounts, assign the following descriptions:
|
4. After creating the accounts, assign the following descriptions:
|
||||||
|
|
||||||
1. CM\_JD: Configuration Manager Join Domain Account
|
* CM\_JD: Configuration Manager Join Domain Account
|
||||||
|
|
||||||
2. CM\_NAA: Configuration Manager Network Access Account
|
* CM\_NAA: Configuration Manager Network Access Account
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -93,39 +93,37 @@ In order for the Configuration Manager Join Domain Account (CM\_JD) to join mach
|
|||||||
|
|
||||||
3. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following is a list of the permissions being granted:
|
3. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following is a list of the permissions being granted:
|
||||||
|
|
||||||
1. Scope: This object and all descendant objects
|
* Scope: This object and all descendant objects
|
||||||
|
|
||||||
2. Create Computer objects
|
* Create Computer objects
|
||||||
|
|
||||||
3. Delete Computer objects
|
* Delete Computer objects
|
||||||
|
|
||||||
4. Scope: Descendant Computer objects
|
* Scope: Descendant Computer objects
|
||||||
|
|
||||||
5. Read All Properties
|
* Read All Properties
|
||||||
|
|
||||||
6. Write All Properties
|
* Write All Properties
|
||||||
|
|
||||||
7. Read Permissions
|
* Read Permissions
|
||||||
|
|
||||||
8. Modify Permissions
|
* Modify Permissions
|
||||||
|
|
||||||
9. Change Password
|
* Change Password
|
||||||
|
|
||||||
10. Reset Password
|
* Reset Password
|
||||||
|
|
||||||
11. Validated write to DNS host name
|
* Validated write to DNS host name
|
||||||
|
|
||||||
12. Validated write to service principal name
|
* Validated write to service principal name
|
||||||
|
|
||||||
## <a href="" id="sec03"></a>Review the Sources folder structure
|
## <a href="" id="sec03"></a>Review the Sources folder structure
|
||||||
|
|
||||||
|
|
||||||
To support the packages you create in this section, the following folder structure should be created on the Configuration Manager primary site server (CM01):
|
To support the packages you create in this section, the following folder structure should be created on the Configuration Manager primary site server (CM01):
|
||||||
|
|
||||||
**Note**
|
>[!NOTE]
|
||||||
In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server.
|
>In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- E:\\Sources
|
- E:\\Sources
|
||||||
|
|
||||||
@ -168,9 +166,9 @@ To extend the Configuration Manager console with MDT 2013 Update 2 wizards and t
|
|||||||
|
|
||||||
5. From the Start screen, run Configure ConfigManager Integration with the following settings:
|
5. From the Start screen, run Configure ConfigManager Integration with the following settings:
|
||||||
|
|
||||||
1. Site Server Name: CM01.contoso.com
|
* Site Server Name: CM01.contoso.com
|
||||||
|
|
||||||
2. Site code: PS1
|
* Site code: PS1
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -221,15 +219,15 @@ Configuration Manager has many options for starting a deployment, but starting v
|
|||||||
|
|
||||||
3. In the **PXE** tab, select the following settings:
|
3. In the **PXE** tab, select the following settings:
|
||||||
|
|
||||||
1. Enable PXE support for clients
|
* Enable PXE support for clients
|
||||||
|
|
||||||
2. Allow this distribution point to respond to incoming PXE requests
|
* Allow this distribution point to respond to incoming PXE requests
|
||||||
|
|
||||||
3. Enable unknown computer support
|
* Enable unknown computer support
|
||||||
|
|
||||||
4. Require a password when computers use PXE
|
* Require a password when computers use PXE
|
||||||
|
|
||||||
5. Password and Confirm password: Passw0rd!
|
* Password and Confirm password: Passw0rd!
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -82,6 +82,7 @@ During a computer replace, these are the high-level steps that occur:
|
|||||||
1. Select a task sequence to execute on this computer: Backup Only Task Sequence
|
1. Select a task sequence to execute on this computer: Backup Only Task Sequence
|
||||||
* Specify where to save your data and settings: Specify a location
|
* Specify where to save your data and settings: Specify a location
|
||||||
* Location: \\\\MDT01\\MigData$\\PC0002
|
* Location: \\\\MDT01\\MigData$\\PC0002
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.
|
>If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.
|
||||||
|
|
||||||
|
|||||||
@ -101,7 +101,7 @@ IMPORTANT: Restart user computers after you install the compatibility update KBs
|
|||||||
|
|
||||||
| **Site discovery** | **KB** |
|
| **Site discovery** | **KB** |
|
||||||
|----------------------|-----------------------------------------------------------------------------|
|
|----------------------|-----------------------------------------------------------------------------|
|
||||||
| [Review site discovery](upgrade-analytics-review-site-discovery.md) | Site discovery requires the [July 2016 security update for Internet Explorer](https://support.microsoft.com/en-us/kb/3170106) (KB3170106) or later. |
|
| [Review site discovery](upgrade-analytics-review-site-discovery.md) | Site discovery requires the [Cumulative Security Update for Internet Explorer 11](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=internet%20explorer%2011%20cumulative%20update), starting with the July 2016 update (KB3170106). |
|
||||||
|
|
||||||
|
|
||||||
### Automate data collection
|
### Automate data collection
|
||||||
|
|||||||
@ -15,7 +15,7 @@ This section of the Upgrade Analytics workflow provides an inventory of web site
|
|||||||
|
|
||||||
Ensure the following prerequisites are met before using site discovery:
|
Ensure the following prerequisites are met before using site discovery:
|
||||||
|
|
||||||
1. Install the latest Internet Explorer 11 Cumulative Update. This update provides the capability for site discovery and is available in the [July 2016 cumulative update](https://support.microsoft.com/kb/3170106) and later.
|
1. Install the latest Internet Explorer 11 Cumulative Security Update. This update provides the capability for site discovery and is available in the [Internet Explorer 11 Cumulative Security Update](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=internet%20explorer%2011%20cumulative%20update), starting with the July 2016 update.
|
||||||
2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
|
2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
|
||||||
3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script) to allow Internet Explorer data collection before you run it.
|
3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script) to allow Internet Explorer data collection before you run it.
|
||||||
|
|
||||||
|
|||||||
@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
|
|||||||
|
|
||||||
| New or changed topic | Description |
|
| New or changed topic | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
|
|[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) and [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated the text about the icon overlay option. This icon now only appears on corporate files in the Save As and File Explore views. |
|
||||||
|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Added content about using ActiveX controls.|
|
|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Added content about using ActiveX controls.|
|
||||||
|[Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](app-behavior-with-wip.md) |New |
|
|[Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](app-behavior-with-wip.md) |New |
|
||||||
|[VPN technical guide](vpn-guide.md) | Multiple new topics, replacing previous **VPN profile options** topic |
|
|[VPN technical guide](vpn-guide.md) | Multiple new topics, replacing previous **VPN profile options** topic |
|
||||||
|
|||||||
@ -457,11 +457,11 @@ After you've decided where your protected apps can access enterprise data on you
|
|||||||
|
|
||||||
- **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps.
|
- **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps.
|
||||||
|
|
||||||
- **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files or in the **Start** menu, on top of the tiles for your unenlightened protected apps. The options are:
|
- **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explore views. The options are:
|
||||||
|
|
||||||
- **Yes (recommended).** Allows the Windows Information Protection icon overlay to appear for files or on top of the tiles for your unenlightened protected apps in the **Start** menu.
|
- **Yes (recommended).** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explore views.
|
||||||
|
|
||||||
- **No, or not configured.** Stops the Windows Information Protection icon overlay from appearing for files or on top of the tiles for your unenlightened protected apps in the **Start** menu.
|
- **No, or not configured.** Stops the Windows Information Protection icon overlay from appearing on corporate files in the Save As and File Explore views.
|
||||||
|
|
||||||
2. Click **Save Policy**.
|
2. Click **Save Policy**.
|
||||||
|
|
||||||
|
|||||||
@ -443,7 +443,7 @@ There are no default locations included with WIP, you must add each of your netw
|
|||||||
|
|
||||||
- **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network.
|
- **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network.
|
||||||
|
|
||||||
- **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware in the Windows Start menu and on corporate file icons in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files or in the Start menu, on top the tiles for your unenlightened protected apps.
|
- **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate file icons in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explore views.
|
||||||
|
|
||||||
5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
|
5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
|
||||||
|
|
||||||
|
|||||||
@ -18,7 +18,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
|
|||||||
| --- | --- |
|
| --- | --- |
|
||||||
| [Manage device restarts after updates](waas-restart.md) | New |
|
| [Manage device restarts after updates](waas-restart.md) | New |
|
||||||
| [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) |Added an important note about Cortana and Office 365 integration. |
|
| [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) |Added an important note about Cortana and Office 365 integration. |
|
||||||
| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added link to the Windows Restricted Traffic Limited Functionality Baseline. |
|
| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added link to the Windows Restricted Traffic Limited Functionality Baseline. Added Teredo Group Policy. |
|
||||||
|
|
||||||
|
|
||||||
## September 2016
|
## September 2016
|
||||||
|
|||||||
@ -81,9 +81,9 @@ An added work account provides the same SSO experience in browser apps like Offi
|
|||||||
|
|
||||||
An MDM service is required for managing Azure AD-joined devices. You can use MDM to push settings to devices, as well as application and certificates used by VPN, Wi-Fi, etc. Azure AD Premium or [Enterprise Mobility Suite (EMS)](https://go.microsoft.com/fwlink/p/?LinkID=723984) licenses are required to set up your Azure AD-joined devices to automatically enroll in MDM. [Learn more about setting up your Azure AD tenant for MDM auto-enrollment.](https://go.microsoft.com/fwlink/p/?LinkID=691615)
|
An MDM service is required for managing Azure AD-joined devices. You can use MDM to push settings to devices, as well as application and certificates used by VPN, Wi-Fi, etc. Azure AD Premium or [Enterprise Mobility Suite (EMS)](https://go.microsoft.com/fwlink/p/?LinkID=723984) licenses are required to set up your Azure AD-joined devices to automatically enroll in MDM. [Learn more about setting up your Azure AD tenant for MDM auto-enrollment.](https://go.microsoft.com/fwlink/p/?LinkID=691615)
|
||||||
|
|
||||||
- **Microsoft Passport**
|
- **Windows Hello**
|
||||||
|
|
||||||
Creating a Microsoft Passport (PIN) is required on Windows 10 Mobile by default and cannot be disabled. [You can control Microsoft Passport policies](https://go.microsoft.com/fwlink/p/?LinkId=735079) using controls in MDM, such as Intune. Because the device is joined using organizational credentials, the device must have a PIN to unlock the device. Windows Hello (biometrics such as fingerprint or iris) can be used for Passport authentication. Creating a Microsoft Passport requires the user to perform an multi-factor authentication since the PIN is a strong authentication credential. [Learn more about Microsoft Passport for Azure AD.](https://go.microsoft.com/fwlink/p/?LinkId=735004)
|
Creating a Windows Hello (PIN) is required on Windows 10 Mobile by default and cannot be disabled. You can control Windows Hello policiesusing controls in MDM, such as Intune. Because the device is joined using organizational credentials, the device must have a PIN to unlock the device. Biometrics such as fingerprint or iris can be used for authentication. Creating a Windows Hello requires the user to perform an multi-factor authentication since the PIN is a strong authentication credential. [Learn more about Windows Hello for Azure AD.](https://go.microsoft.com/fwlink/p/?LinkId=735004)
|
||||||
|
|
||||||
- **Conditional access**
|
- **Conditional access**
|
||||||
|
|
||||||
|
|||||||
@ -92,7 +92,7 @@ See the following table for a summary of the management settings for Windows 10
|
|||||||
| [16.17 Motion](#bkmk-priv-motion) |  |  | | | |
|
| [16.17 Motion](#bkmk-priv-motion) |  |  | | | |
|
||||||
| [17. Software Protection Platform](#bkmk-spp) | |  |  | | |
|
| [17. Software Protection Platform](#bkmk-spp) | |  |  | | |
|
||||||
| [18. Sync your settings](#bkmk-syncsettings) |  |  |  | | |
|
| [18. Sync your settings](#bkmk-syncsettings) |  |  |  | | |
|
||||||
| [19. Teredo](#bkmk-teredo) | | | | |  |
|
| [19. Teredo](#bkmk-teredo) | |  | | |  |
|
||||||
| [20. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
|
| [20. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
|
||||||
| [21. Windows Defender](#bkmk-defender) | |  |  |  | |
|
| [21. Windows Defender](#bkmk-defender) | |  |  |  | |
|
||||||
| [22. Windows Media Player](#bkmk-wmp) |  | | | |  |
|
| [22. Windows Media Player](#bkmk-wmp) |  | | | |  |
|
||||||
@ -121,7 +121,7 @@ See the following table for a summary of the management settings for Windows Ser
|
|||||||
| [16. Settings > Privacy](#bkmk-settingssection) | | | | |
|
| [16. Settings > Privacy](#bkmk-settingssection) | | | | |
|
||||||
| [16.1 General](#bkmk-priv-general) |  |  |  | |
|
| [16.1 General](#bkmk-priv-general) |  |  |  | |
|
||||||
| [17. Software Protection Platform](#bkmk-spp) | |  | | |
|
| [17. Software Protection Platform](#bkmk-spp) | |  | | |
|
||||||
| [19. Teredo](#bkmk-teredo) | | | |  |
|
| [19. Teredo](#bkmk-teredo) | |  | |  |
|
||||||
| [21. Windows Defender](#bkmk-defender) | |  |  | |
|
| [21. Windows Defender](#bkmk-defender) | |  |  | |
|
||||||
| [22. Windows Media Player](#bkmk-wmp) | | | |  |
|
| [22. Windows Media Player](#bkmk-wmp) | | | |  |
|
||||||
| [24. Windows Store](#bkmk-windowsstore) | |  | | |
|
| [24. Windows Store](#bkmk-windowsstore) | |  | | |
|
||||||
@ -138,7 +138,7 @@ See the following table for a summary of the management settings for Windows Ser
|
|||||||
| [5. Font streaming](#font-streaming) |  |  | |
|
| [5. Font streaming](#font-streaming) |  |  | |
|
||||||
| [12. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
|
| [12. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
|
||||||
| [17. Software Protection Platform](#bkmk-spp) |  | | |
|
| [17. Software Protection Platform](#bkmk-spp) |  | | |
|
||||||
| [19. Teredo](#bkmk-teredo) | | |  |
|
| [19. Teredo](#bkmk-teredo) |  | |  |
|
||||||
| [21. Windows Defender](#bkmk-defender) |  |  | |
|
| [21. Windows Defender](#bkmk-defender) |  |  | |
|
||||||
| [26. Windows Update](#bkmk-wu) |  |  | |
|
| [26. Windows Update](#bkmk-wu) |  |  | |
|
||||||
|
|
||||||
@ -1115,7 +1115,14 @@ To turn off Messaging cloud sync:
|
|||||||
|
|
||||||
### <a href="" id="bkmk-teredo"></a>19. Teredo
|
### <a href="" id="bkmk-teredo"></a>19. Teredo
|
||||||
|
|
||||||
You can disable Teredo by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx).
|
You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx).
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>If you disable Teredo, some XBOX gaming features and Windows Update Delivery Optimization will not work.
|
||||||
|
|
||||||
|
- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** > **TCPIP Settings** > **IPv6 Transition Technologies** > **Set Teredo State** and set it to **Disabled State**.
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- From an elevated command prompt, run **netsh interface teredo set state disabled**
|
- From an elevated command prompt, run **netsh interface teredo set state disabled**
|
||||||
|
|
||||||
|
|||||||
@ -19,9 +19,11 @@ If you’re already using UE-V 2.x and you’re planning to upgrade user devices
|
|||||||
|
|
||||||
2. Verify that UE-V settings were migrated correctly.
|
2. Verify that UE-V settings were migrated correctly.
|
||||||
|
|
||||||
3. Enable the UE-V service on user devices.
|
3. Set the template storage path to your current template store.
|
||||||
|
|
||||||
4. Install the UE-V template generator if you want to synchronize application settings for custom applications.
|
4. Enable the UE-V service on user devices.
|
||||||
|
|
||||||
|
5. Install the UE-V template generator if you want to synchronize application settings for custom applications.
|
||||||
|
|
||||||
> **Important** You can upgrade your existing UE-V installation to Windows 10, version 1607 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10, version 1607..
|
> **Important** You can upgrade your existing UE-V installation to Windows 10, version 1607 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10, version 1607..
|
||||||
|
|
||||||
@ -49,7 +51,11 @@ After upgrading a user device to Windows 10, version 1607, it’s important to v
|
|||||||
|
|
||||||
2. Navigate to **HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration.**
|
2. Navigate to **HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration.**
|
||||||
|
|
||||||
3. Verify that the settings storage path and the settings template catalog path are pointing to the same locations as before you upgraded the device to Windows 10.
|
3. Verify that the settings storage path and the settings template catalog path are pointing to the same locations as before you upgraded the device to Windows 10.
|
||||||
|
|
||||||
|
## Set the template storage path to your current template store
|
||||||
|
|
||||||
|
Template Settings Storage Path will not automatically migrate. Run Set-UEVConfiguration in PowerShell or use the settings storage path Group Policy to configure and point to your current settings storage folder.
|
||||||
|
|
||||||
## Enable the UE-V service on user devices
|
## Enable the UE-V service on user devices
|
||||||
|
|
||||||
|
|||||||
@ -225,7 +225,7 @@ To specify which devices are preferred, you can set the **Max Cache Age** config
|
|||||||
|
|
||||||
On devices that are not preferred, you can choose to set the following policy to prioritize data coming from local peers instead of the Internet:
|
On devices that are not preferred, you can choose to set the following policy to prioritize data coming from local peers instead of the Internet:
|
||||||
|
|
||||||
- Set **DOBackgroundQoS** with a low value, for example `65536` which is the equivalent of 64 KB/s.
|
- Set **DOMinBackgroundQoS** with a low value, for example `65536` which is the equivalent of 64 KB/s.
|
||||||
|
|
||||||
## Learn more
|
## Learn more
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user